By Colin Wilcox
& Siew Moi Khor

So, you've partially wrapped your mind around this macro safety business—but what do you do with all those dialog boxes and alert messages that appear when you're working with macros and security settings in Office? Fret not: This column provides an in-depth look at how Word behaves when you work with these dialog boxes and vary your security level settings. This is part two of a three-part series.

Applies to
Microsoft Office XP

---

See all Power User columns
See all columns

---

If you worked through the steps in the previous column, you learned how to increase the level of macro safety in your Microsoft Word files. Now that you know how to do that, you should also know how to work with the key dialog boxes and security levels related to macros.

This column explains how Word behaves when you use the various combinations of security levels, signed and unsigned macros, and the Trust all installed add-ins and templates check box. As you go through this column, keep in mind that you can also apply what you learn to Microsoft Excel and Microsoft PowerPoint®.

Set the security level for Word

Follow these steps:

1. Start Word.
2. On the Tools menu, point to Macro, and then click Security.
3. On the Security Level tab, click High.
4. Click the Trusted Sources tab, and then clear the Trust all installed add-ins and templates check box.
5. Click OK.

With the Trust all installed add-ins and templates option disabled and security set to High, Word will not run unsigned macros. Also, Word will ask you before running a signed macro if the publisher of the macro isn't already on your list of trusted sources. To explore that behavior, keep going with the following steps.

Create a test macro

If you don't have an unsigned macro handy, follow these steps to create a small macro (otherwise, skip to the next section):

1. Start Word and open a new, blank file.
2. On the Tools menu, point to Macro, and then click Visual Basic Editor.
3. In the Project window, double-click ThisDocument.
4. Copy and paste this code into the code window:

   sub test()
      MsgBox "This is only a test."
   end sub

   
   
5. Save the document to your default working folder. (To find your default folder, switch back to the open Word document. On the Tools menu, click Options, and then click the File Locations tab. The Documents entry in the list shows you the location of your default working folder.)
6. Close the Visual Basic Editor and the Word file.

The next sections guide you through the process of using the various combinations of digital signatures, security levels, and trusted publishers. Knowing how to work with all of these can help you boost your macro security.

Run the test macro

The scenarios in the following sections explain how Word behaves when you run unsigned and signed macros by using the various combinations of security settings.

Run an unsigned macro

Remember the table at the end of the previous column? It described how Word treats macros, depending on your security and trust settings. We'll use Word to explore that behavior in greater depth. First, we'll see how Word treats unsigned macros as you vary your security and trust settings.

Security level set to High

1. Open the file you created in the previous section.
   Notice that it opens without any alert messages. Why? Because you set your security level to High and opted not to trust any installed macros. With those settings enabled, by default, Word disables unsigned macros without telling you. So, let's investigate a little further to see how tight this security really is.
2. On the Tools menu, point to Macro, and then click Macros.
3. Select a macro, and then click Run. The following message appears because Word has disabled the macro:
   
   

Security level set to Medium

Note  Keep this fact in mind as you go: Unless you need to test a new macro, do not use the Medium security setting, because doing so can put your files and hardware at risk.

1. On the Tools menu, point to Macro, and then click Security.
2. On the Security Levels tab, click Medium.
3. Close and then reopen your test document. At this security level, Word displays the following alert message:
   
   

   At this point, you can enable the macro or continue using the document without it. If you click Enable Macros, Word enables the one macro for the current session only.

Security level set to Low

Repeat the steps in the previous section and set your security level to Low. When you reopen your test document, Word loads it with no alerts, and you can run any macros. But pay attention to the warning on the Security dialog box. If you use the Low setting, you increase your vulnerability even if you clear the Trust all installed add-ins and templates check box.

Run a digitally signed macro

If you haven't already done so, follow the steps in the previous column to create a digital certificate and then digitally sign your test macro. Then, see what happens in the following scenarios.

Security level set to High

1. Use the Security dialog box to set your security level to High, and make sure the Trust all installed add-ins and templates check box is still cleared.
2. Open the document containing the signed macro. The following dialog box appears.
   
   
   

   Notice that this time, Word gives you the option of trusting the publisher.

3. Click Always trust macros from this source, and then click Enable Macros. From this point on, Word will silently open and run the trusted macro. In addition, if the publisher uses the same digital certificate to sign other macros, those additional files will also run seamlessly.

Oops, I trusted the wrong publisher

You can remove a publisher from your list of trusted sources at any time.

1. Open the Security dialog box (Tools menu, Macro command, Security subcommand), and then click the Trusted Sources tab.
2. Click the publisher you want to remove, and then click Remove.

Security level set to Medium

If you're so inclined, create a new digital test certificate and a document with a new test macro. Use the Security dialog box to set your security level to Medium, with the Trust all installed add-ins and templates check box cleared. When you open the new document, you can do one of the following:

• Enable the macro for just that session.
• Trust the publisher.

Security level set to Low

At the risk of being repetitive, repeat the steps in the previous section with your security level set to Low. When you reopen your test document, Word again loads it with no alerts, and you can run any macros. But pay attention to the warning on the Security dialog box. Basically, if you want to keep your computer secure, never use the Low security setting. If you use the Low setting, you increase your vulnerability even if you clear the Trust all installed add-ins and templates check box.

Putting it all together

To sum up what we've said so far: You decrease your chances of running a macro by mistake, as well as your vulnerability to macro viruses, by setting your security level to High, clearing the Trust all installed add-ins and templates check box, and trusting macros only when they're digitally signed by a reputable publisher.

Coming up

The final column in this three-part series will explain how to use the Trust all installed add-ins and templates check box and the folders listed on File Locations tab of the Options dialog box in Word. Again, these principles also apply to Excel and PowerPoint.

---

About the author

Colin Wilcox and Siew Moi Khor write for the Office Help team.

See all Power User columns
See all columns

---